[strongSwan] How to overcome the dpd re-transmission task for IKE_DELETE task?
Martin Willi
martin at strongswan.org
Mon Jul 21 11:54:59 CEST 2014
Hi,
> Is there any other way to administratively shutdown the connection
> using IKE_DELETE, overriding the dpd re-transmission task?
"ipsec down" tries to gracefully close the tunnel, sending a DELETE
message. As there is a DPD exchange in progress, with IKEv2 and a window
size == 1, that message has to be queued.
One could just remove the IKE_SA state without notification, but this is
not what "ipsec down" does. Unfortunately, there is currently no
mechanism to immediately delete such an IKE_SA.
Regards
Martin
More information about the Users
mailing list